WordPress – The Most Popular, and Vulnerable, Content Platform

Did you know that it only takes one vulnerability to make it possible to steal your users’ data, deface your website, or infect the systems of your users who place their trust in your brand? During 2018 alone, 542 new WordPress vulnerabilities were reported, a 30% increase over 2017’s count of 418 new vulnerabilities. How will you keep your site secure in 2019?

The Core of The Issue

WordPress has been in development since 2003 and has been steadily growing year over year. As of April 2019, WordPress powers over one third of all websites[2]. However, this market dominance is a double-edged sword. On one hand, WordPress users enjoy a large community of peers to help them with issues and to develop fantastic plugins and themes. On the other hand, when it comes to internet security, there is danger in numbers. As one platform grows in usage, so does the motivation for the hacker community to target it, and there has never been a platform as dominant as WordPress in the history of the internet. Fortunately, the team at WordPress has been quick to release updates for vulnerabilities found in WordPress core, but that doesn’t mean your site stays safe. A WordPress update must be applied within 24 hours to ensure your site’s security is maintained. With CLDevs’ Reliant Hosting, all sites hosted on our platform are updated to the latest WordPress version each night and tested before and after each upgrade.

The Weakest Link

Out of the 542 WordPress vulnerabilities disclosed in 2018, 98% were found in plugins[3], and it’s not just the plugin that can be exploited if it has a vulnerability. A vulnerability in a single installed plugin means your entire site is now at risk. While these community add-ons can save you time and give your site useful new features, the potential cost to your site’s security is clear. That’s not to say that everyone who uses WooCommerce, a WordPress plugin that is arguably the most popular eCommerce technology[4], should shut down for fear of being hacked. However, proceed with caution. By installing a plugin or theme on your site, you are trusting that individual developer or team not to leave a back door open to hackers. Unfortunately, as if the security risk weren’t concern enough, we have found that installing plugin and theme updates is also the most likely cause of breaking a WordPress site.

Reliant WordPress Hosting

On our Reliant Hosting platform, we don’t allow just any plugin or theme to be installed. We take the time to understand it and review its security. We also add the plugin to our tracked addons list to receive immediate security news and updates so we can react as quickly as possible to protect our customers’ websites. Plugin and theme updates are done at minimum every week, or within 24 hours if there is a critical security issue. We back up all sites prior to updates in case the update should crash the site. We then copy the customer’s live site to a private testing site so we can see the update’s effect without causing a problem with the live site. Only if the update passes testing do we then apply it to our customer’s public site. This is how Reliant Hosting ensures both security and stability with 3rd party WordPress addons.